If you have lost a wallet, misplaced a purse, or had your briefcase stolen, you quickly realize your vulnerability when an unauthorized person has access to your smartphone, laptop or tablet. Information such as business and personal contacts, financial records, emails, intellectual property, and electronic account credentials are just the tip of the iceberg for a thief or hacker that can gain physical access to your mobile device.
In addition, physical access to your Internet-enabled device allows someone to gain administrative control of your social media sites, Wi-Fi network, home security system, and other Internet services. What is not readily evident is that the data stored on your mobile device provides all the information necessary to build a profile of you, your colleagues, family and friends.
What would such a profile include? Well, that depends on how you use your mobile device. Let’s consider one source of information stored within your mobile device—Internet/wireless access points. If you leave your Wi-Fi enabled or use social media frequently on your mobile device, a significant amount of information can be retrieved including the places you visit, how often you visit, and the routes you use.
This data is easily retrieved from the history of wireless routers that automatically associate to your mobile device when you come in proximity to them. Your mobile device continuously scans for available Wi-Fi signals in the same manner that your smart phone continuously “looks” for the strongest signal from local cell towers. When the mobile device finds a stronger signal, it “hops” to it and re-associates by exchanging credentials—including specifics about the device and its owner.
To see this in-action, go to your settings and watch the names of the wireless networks that associate to your device. If you can see a name of a network, your device has exchanged “handshake” information, which is stored in the device memory. These wireless access points are then readily located using cloud-based databases such as wiggle.net, and now the person with access to your mobile device knows a lot about where you travel, work and visit.
It is also very simple to isolate dates and times that you visit various places. Photos and videos retrieved from your mobile device provide complementary information to that retrieved from wireless access logs. Metadata is the information embedded in the image file that includes the date, time, location, etc. of the photograph. So when you take a picture or record a video clip and then upload it to a social media site, you are creating a “digital exhaust” that does not dissipate.
Beyond privacy, there are safety issues related to having someone know a lot about you, your habits and lifestyle. When you loose a purse or wallet, the locks on a front door, garage codes, and ATM PINs can all be easily replaced or changed. Lose positive control of your mobile device with your digital ID, and it is not as straightforward. It is far easier to protect information from an unauthorized user than it is to deny use of that information. The following is a list of simple methods for securing your mobile device:
1. Encrypt the Data. Most Android, Windows and iOS devices now come with the ability to encrypt data that is stored on the device and its SD card. A strong encryption method using AES256 will prevent most people from exploiting the device data. It is easy to setup and transparent when you use the device—a simple search of the Help menu will walk you through the setup process.
2. Register your Mobile Device with your Service Provider. Unless your mobile device is unlocked and roams on multiple networks, your service provider can locate it by its IMEI or MEID. More important is the ability for the service provider to verify your identity without using the mobile device, which allows them to remotely disable it and wipe its memory.
3. Employ anti-phone theft software. The software enables you to remotely contact your mobile device and control many of the functions—there are several of these applications available via search engine query.
4. Activate Remote Wipe. This service is very effective. Google, for example, provides Google Apps customers with the capability to remotely access their mobile device using a Web browser; deny access to enterprise applications and data, and wipe all data and settings.
With convenience comes vulnerability. Mobile computing provides significant capability for the owner of the device as well as an unauthorized user. Protecting the information contained within that device is critical.
Content contributed by Advanced Mission Systems, LLC, a company specializing in technical surveillance and physical, electronic and cyber security for military, law enforcement, commercial and individual use, including technical support for small business owners in securing mobile computing devices and systems. For more information, contact Jerry Snyder at 980-819-2600 or visit www.amsdv.com.